Re: fedup: does not verify source

Adam Williamson wrote: > On Tue, 2012-12-18 at 02:05 +0100, Björn Persson wrote: > > Adam Williamson wrote: > > > anyhow, the tricky thing here lies in somehow making it safe for > > > fedup to *automatically* import the correct key for the next > > >

Re: Proposed F19 Feature: Package Signature Checking During Installation

ys to verify any packages it downloads. It's enough to verify downloaded packages in that case. Packages included on the boot medium don't need to be checked if the boot medium is trusted, but of course it doesn't hurt to verify those too if it's easier to program that way.

Re: Proposed F19 Feature: Package Signature Checking During Installation

Peter Jones wrote: > On Tue, Jan 08, 2013 at 05:46:04PM +0100, Björn Persson wrote: > > In my opinion, if Anaconda finds that it was booted without Secure > > Boot, then it should assume that the user has verified the checksum on > > the installation image and that the keys

Re: Proposed F19 Feature: Package Signature Checking During Installation

k. Anaconda shouldn't proceed unless you tell it that you have checked the boot image manually and found it to be genuine. This could be done with a button that you have to clik on, labeled "Yes I checked the boot image." Or the fact that you booted the boot image could be taken

Re: Proposed F19 Feature: Package Signature Checking During Installation

Stephen John Smoogen wrote: > On 10 January 2013 14:17, Björn Persson wrote: > > Adam Jackson wrote: > >> On Thu, 2013-01-10 at 17:56 +0100, Till Maas wrote: > >> > But why should anaconda not verify packages if secure boot is disabled? > >> > >> F

Adding asynchronous name resolution to GlibC (was: Reproposed F19 Feature: Fix Network Name Resolution)

u make them a separate, portable library, then they can be installed on all Unix-like systems, and maybe other operating systems too, and programs that use them will also be portable. Wouldn't that be better? Björn Persson signature.asc Description: PGP signature -- dev

Re: Adding asynchronous name resolution to GlibC

ronous name resolution without involvement of threads and > suchlike then your only option is to make NSS asynchronous in itself, > and you cannot do that without reworking glibc substantially. Thank you for presenting a valid argument instead of just ranting sarcastically. Björn Persson signat

Re: [rawhide] ideas to improve rawhide

o be manually started and monitored it will always take some time. I imagine that quite a few people would be annoyed if GCC would be delayed while we rebuild the Ada packages. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org http

Re: [rawhide] ideas to improve rawhide

le it should be possible to do the rebuild entirely automatically, if we allow automated processes to push to Git. Even a client-side tool to do rebuilds in dependency order would help, but I haven't yet figured out how to write one. Björn Persson signature.asc Description: PGP signature --

Re: Proposed F19 Feature: Fedora Upgrade - using yum

e to have. Then maybe "yum upgrade" > could require (or at least recommend) switching to that mode first. Isn't that essentially what Fedup does? Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Proposed F19 Feature: Fedora Upgrade - using yum

s that upgrading by Yum isn't supported, as Fedora is said to be community-supported and the community seems to be supporting Yum upgrades about as well as any other aspect of Fedora. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject

Re: rawhide report: 20130125 changes

florist-2011-8.fc18.i686 requires libgnarl-4.7.so > > florist-2011-8.fc18.x86_64 requires libgnat-4.7.so()(64bit) > > florist-2011-8.fc18.x86_64 requires libgnarl-4.7.so()(64bit) Same thing as with zeromq-ada: "BuildRequires: gcc-gnat" is missing. Björn Per

Re: Fairly serious GCC 4.8 Ada regression

plot. Wow, that's a weird compiler bug. Your test program works for me if I change the conversion to Integer(Long_Long_Integer(R1)). Perhaps you could patch PLplot with that workaround while we wait for a fix to GCC? Björn Persson signature.asc Description: PGP signature -- devel mailing lis

Re: Proposed F19 Feature: Virtio RNG

in the cryptographic language I'm used to. Ah, according to this: http://software.intel.com/en-us/blogs/2012/11/17/the-difference-between-rdrand-and-rdseed RDRAND doesn't output random numbers, only pseudorandom numbers. I suppose that's what you meant. Björn Persson signatu

Re: Another unannounced soname bump: libseccomp

d do that, and retry the scratch build once a day, then it would eventually work its way through dependency chains. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Fedora 16 EOL Bugzilla Closure - strange behavior?

ript uses CSV generated from Bugzilla in one time but > as the script runs nearly for a day, conflicts can happen... I seem to recall that I've seen Bugzilla detect and warn about conflicting concurrent changes. It would seem like a good idea to have the script use that mech

Re: Improving the Fedora boot experience

ding the graphical screen will be a win in terms of reduced visual noise. What would there be instead? A text-mode boot menu? Or nothing at all displayed unless the user happens to know to press some key at the right moment? Björn Persson signature.asc Description: PGP signature -- devel

Re: Improving the Fedora boot experience

Ryan Lerch wrote: > Does the bootup screen require any keyboard other input at all other > than escape to bring up the details? It must be possible to enter a disk encryption password. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproje

Re: Improving the Fedora boot experience

is made the harder it will be to understand. I estimate that at least 15 seconds would be needed. Adding "Press Enter to save a few seconds." would make it even more text to read and understand. Björn Persson signature.asc Description: PGP signature -- devel mailing

Re: Improving the Fedora boot experience

t before the BIOS > disappears. But how are users supposed to discover it? Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Improving the Fedora boot experience

that way. As I already wrote, if the Grub menu is simply displayed, then five seconds is enough. Much better. And if you want to save those five seconds you just need to press Enter. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Improving the Fedora boot experience

add some kernel parameter to get the system up enough to solve some boot problem? Detecting that the previous boot failed is nice and all, but that mechanism needs to be totally infallible if it's going to be the only way the Grub menu can be accessed. Björn Persson signature.asc Description:

Re: Improving the Fedora boot experience

whether and how I'll be able to revert if anything goes wrong. > Your TV (which likely has embedded Linux)? Your car? > Windows? OS X? I don't have any of those, and I doubt I'll ever buy a car when I want a general-purpose computer. Björn Persson signature.asc Description:

Re: Improving the Fedora boot experience

Lennart Poettering wrote: > On Mon, 11.03.13 21:20, Björn Persson (bjorn@rombobjörn.se) wrote: > > > Peter Robinson wrote: > > > It use to only be displayed if there was more than one OS configured > > > or if the CTRL was held down. Having to press a particular key

Re: Improving the Fedora boot experience

e boot loader because the OS fails to boot. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Improving the Fedora boot experience

it? Could there at least be some instructions displayed *after* I accidentally succeed the first time, so I'll know how to do it next time? Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Improving the Fedora boot experience

be a significant problem. Could you explain why you think people are likely to press random keys by mistake during the boot? I don't think that has ever happened to me. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Improving the Fedora boot experience

he disk encryption passphrase." Are there other messages that Plymouth may need to display? I would guess there aren't so many that the scalability of this approach would be a problem. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.

Re: Improving the Fedora boot experience

Przemek Klosowski wrote: > On 03/11/2013 05:03 PM, Björn Persson wrote: > > >> Your TV (which likely has embedded Linux)? Your car? > >> Windows? OS X? > > > > I don't have any of those, and I doubt I'll ever buy a car when I want > > a genera

Re: fedora release name problem

nges left and right. As I understand it Fedora has release names because people like to see them displayed in various places. That means they are user-visible content. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedo

When to publish the release key

owing up on the mirrors, and on the keyservers there is a key that claims to be the Fedora 19 release key, generated on the first of December, but since the key isn't signed and isn't on the web page I have no way of verifying it. Björn Persson signature.asc Description: PGP signature -

Re: When to publish the release key

Kevin Fenzi wrote: > On Tue, 19 Mar 2013 21:24:22 +0100 > Björn Persson wrote: > > > Is there a date in the release schedule when the new release key shall > > be added to <https://fedoraproject.org/keys>? It seems logical to me > > to publish the key as soo

Re: Status of weak dependencies support in Fedora 21+

7;t room to install them even temporarily I'll have to avoid DNF and do the dependency resolution manually? Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Mozilla enabled ads in Firefox and they're active in Fedora

echnical reasons. > > Mozilla can track impressions, clicks, and the > > number of ads a user hides or pins. I'm wondering how that works. If I disable the ads by setting the new tab page to about:blank, will that also disable the tracking? Björn Persson signature.asc Description

Re: Enable tapping by default

thers that much, and is on by default in most operating systems > and Linux distributions. > > What can we do to make this happen? Perhaps demonstrate that it won't cause the rest of us to click on random things by accident, instead of just thinking so? Björn Persson signat

Re: Enable tapping by default

Mustafa Muhammad wrote: > On Mon, Nov 17, 2014 at 2:49 PM, Björn Persson wrote: > > Perhaps demonstrate that it won't cause the rest of us to click on > > random things by accident, instead of just thinking so? > > I didn't say that, I said, "I don

Re: Enable tapping by default

Note that I'm not against changing this default. I'm against changing it based on nothing but a baseless belief that it won't bother people. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.

Re: Status of weak dependencies support in Fedora 21+

cases where it would swap the > semantics of weak and very weak deps (i.e. treat Recommends as Suggests and > vice versa). Yeah, doing both at once would be rather crazy. The quoted sentence says "or", not "and". Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Enable tapping by default

Jaroslav Nahorny wrote: > [1] I know it's a far analogy, but let's try to imagine: > Let's disable wifi hardware by default. Why? Because some people are not > aware of this feature. They want to use their eth interface, and having > wireless interface turned on produces unnecessary „noise” and co

allowing programs to open ports (was: 5tFTW: Fedora 21, 22, and 19, firewall discussion, and holiday break)

the Berkeley socket API? Alternatively, cut out the packet filter and have GlibC ask the user whether the call to bind or connect shall be allowed to succeed (or automatically allow or deny the call if so configured). This has the advantage that the program is informed that it's not allow

trusted apps and trusted networks (was: 5tFTW: Fedora 21, 22, and 19, firewall discussion, and holiday break)

;t be trusted on untrusted networks, then including it in a "trusted app list" seems very wrong. Since you didn't even give the user an option to allow Gnome-user-share to communicate on the untrusted network, your list seems more ĺike a list of known defective apps. -- Björn Pers

Re: allowing programs to open ports

Stephen John Smoogen wrote: >On 21 December 2014 at 09:28, Björn Persson >wrote: > >> Mattia Verga wrote: >> >The alternative could be a "open approach" from Firewalld, where an >> >application, when it's executed, can inform firewalld that needs t

Re: allowing programs to open ports

general I wish people could discuss the technical merits of proposed solutions without turning the discussions into personal fights all the time. -- Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/

Re: allowing programs to open ports

Florian Weimer wrote: >On 12/21/2014 05:28 PM, Björn Persson wrote: > >> Alternatively, cut out the packet filter and have GlibC ask the user >> whether the call to bind or connect shall be allowed to succeed (or >> automatically allow or deny the call if so configured). T

Re: allowing programs to open ports

to get all of those distributions, OSes and organizations to agree on a single firewall-opening protocol, regardless of whether that protocol would then be used from GlibC of from each program individually. -- Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lis

Re: trusted apps and trusted networks

ry to open a port would get an error code and have a chance to report the failure, rather than waiting in vain for requests that are being silently dropped. -- Björn Persson pgp4mlfgPYOIQ.pgp Description: OpenPGP digital signatur -- devel mailing list devel@lists.fedoraproject.org https://admin.

Re: GUI applications writing garbage to stdout/stderr

or a logging >service. Nah, it takes only a command line parameter to turn on debug logging. An environment variable could also be used. A different build isn't needed. It's no harder to make logging conditional at run time than it is to make it conditional at build time. -- Björn Pe

Re: GUI applications writing garbage to stdout/stderr

Alexander Ploumistos wrote: >On Thu, Jan 15, 2015 at 12:09 AM, Björn Persson >wrote: > >> Alexander Ploumistos wrote: >> >On the other hand, if every message that was not meant for the user >> >were suppressed, it would be very difficult to troubleshoot such a

Re: GUI applications writing garbage to stdout/stderr

rbled (which is in my case most often caused by character encoding bugs), I press up and then down to get it refreshed. That's not an argument for writing garbage to terminals, but it's a better workaround than starting over and it doesn't clear the screen. That's in Bash by

Re: GUI applications writing garbage to stdout/stderr

put nothing, and terminated immediately with an exit code of zero. In other words it behaved just like the command "true". That's going a bit too far. (I wrote a bug report and was told that Openoffice was fixed to write an error message and return an error code.) -- Björn P

Re: against dnssec

n I'll pick authenticated denial and offline signers. Hostnames have never been secret. DNS lookups are unencrypted, so every time you look up a name you tell any snoopers that that name exists. Why would you need secret hostnames anyway? -- Björn Persson pgpxLz0ew7wTa.pgp Description: Open

Re: against dnssec

within an organization where the same group of administrators control both servers and clients, but not on a laptop that connects to random hotspots. -- Björn Persson pgp9VSEtKbZoN.pgp Description: OpenPGP digital signatur -- devel mailing list devel@lists.fedoraproject.org https://admin.fedor

Re: Summary/Minutes for today's FESCo meeting (2015-01-21)

Dennis Gilmore wrote: >* #1381 Nonresponsive maintainer: odysseus (dgilmore, 18:17:42) > * AGREED: he is awol and his packages should be orphaned per the >process (7+, 0-) (dgilmore, 18:23:43) Fedora is less patient than Penelope was. :-) -- Björn Persson pgpXH5OxrBANS.pgp De

Re: NowpPublishing fedora developer PGP keys in DNSSEC

ssume that everything is ASCII: $ openpgpkey --create Bjorn@Rombobjörn.se Traceback (most recent call last): File "/usr/bin/openpgpkey", line 189, in if "<%s>"%args.email in uid: UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 14:

Re: Now Publishing fedora developer PGP keys in DNSSEC

ho have entered key IDs in FAS are using keys that are even older than that. I'd be much more ready to believe that almost all of them have entered fakeable 32-bit key IDs of their version 4 keys instead of the more secure 64-bit key IDs. -- Björn Persson pgpDEkTMGiZtP.pgp Descrip

Re: initscripts

three GUIs it is that pops up when one clicks on a menu entry, when the window title is something generic like "network configuration" and there is no about dialog? Run "ps -ef" and look for recently started processes? -- Björn Persson pgpQzDc79uEnY.pgp Description: OpenPGP

Re: NowpPublishing fedora developer PGP keys in DNSSEC

Paul Wouters wrote: >On Sun, 1 Feb 2015, Björn Persson wrote: > >> Paul Wouters wrote: >>> paul@bofh:~$ openpgpkey --fetch pwout...@fedoraproject.org >> >> openpgpkey: /var/lib/unbound/root.anchor is not a file. Unable to use >> it as rootanchor >> &

Re: initscripts

Nico Kadel-Garcia wrote: > On Mon, Feb 2, 2015 at 12:19 AM, Björn Persson wrote: > > > What's the recommended way for a user to find out which of the three > > GUIs it is that pops up when one clicks on a menu entry, when the > > window title is something generic lik

Getconf error in 32-bit Koji

stall as to make, which I think is a good thing to do anyway, but I'm wondering if this is a bug in Koji. It looks like Getconf thinks it's running on a 64-bit platform. This error didn't happen in the mass rebuild in August. -- Björn Persson pgpSZRrR1Ci94.pgp Description: Open

Re: [Proposal] Ring-based Packaging Policies

ckages, and some projects use multiple websites and nothing enforces that the name is the same everywhere. Could the name of the root directory of its source code tree be used? Some source packages (especially those that are packaged in zip files instead of tarballs) contain multiple files an

Re: [Test-Announce] Re: 2017-03-13 @ ** 1600 ** UTC - Fedora 26 Blocker Review

g is at 16:00 UTC for > you, ie: one hour earlier. Note: UTC is always UTC, regardless of how politicians in various countries play with their clocks. UTC does not jump around. Writing "since" is therefore misleading. The fact that the meeting was at 16:00 UTC is independent of the fac

Re: Is Pagure slow for you too?

urrently steady between 200 and 205 milliseconds, and the Pagure pages I probed loaded in two to three seconds, same as the other sites I compared it to. If it's slow for some people, then it's at least not primarily because of geographical distance. Björn Persson pgpQMpB01lRpC.pgp Descriptio

Re: Is Pagure slow for you too?

erman connection > - peering over Level-3 - it is slow, too; when I'm in Flint, Michigan > - pretty much direct peering over Comcast - infra is fast. My traceroute to pagure.io went through Level 3 too, and the Pagure pages I probed today loaded in two to three seconds. Maybe it's slow o

Re: F27 System Wide Change: Rsyslog log format change proposal

programs that parse the system log and will need to understand the standard timestamp format. One can hope that they all understand it already, but the review that's needed to determine that is in my opinion reason enough to treat it as system-wide. Björn Persson pgpUZW10mnVpE.pg

Re: F27 System Wide Change: Rsyslog log format change proposal

le token is understandable. Björn Persson pgpd5jvort6PW.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

floppy-support being retired (was: Retiring Packages with Broken Dependencies in branched (2017-06-26))

t...@fedoraproject.org wrote: > floppy-support bruno 162 weeks ago So are floppies now definitely a thing of the past according to Fedora? (A power supply that I recently bought came with an adapter cable for powering a diskette drive. :-) ) Bj

Re: Proposed Mass Bug Filing: Renaming "python-" binary packages to "python2-"

ython 2 program, then giving them a Python 3 library isn't going to help them. When Some Helpful Library for Python 2 goes away, then the programmer will discover this faster and cleaner by noticing that there is no python-helpfullib or python2-helpfullib package, than by unknowingly installing t

Re: Proposed Mass Bug Filing: Renaming "python-" binary packages to "python2-"

me is no time; two times is a habit. Since the Python API has been broken twice, we can expect that it will be broken again. Björn Persson pgpn5wkKqCpKD.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedor

Re: Proposed Mass Bug Filing: Renaming "python-" binary packages to "python2-"

Alec Leamas wrote: > On a sidenote, I think the original Swedish proverb rather is > something like "Once is never, twice is once and three times is a > habit." That's not how I've heard it, but it's not like there's a standardization organization for prove

Re: [Fedora-packaging] Bundled Provides Libraries and Versioning

g report, along the lines of "Because the version of the bundled library is unspecified, we must assume that it is a vulnerable version.", to make people aware that they can avoid irrelevant bug reports by adding a version number if one exists. Björn Persson pgpw3XWLcJgNj.pgp Descript

Re: Bundled Provides Libraries and Versioning

hese options seem > better than others, but all are reasonable and maintainers are likely > to choose different ones Indeed, that's the big flaw with this way of tracking bundled stuff, which I pointed out when it was first proposed. It seems that nobody has a good

Re: OpenH264 in Fedora

blobs with gratis patent licenses for some time. Establishing a standard based on the assumption that Cisco will continue doing that indefinitely seems like a bad idea. -- Björn Persson Sent from my computer. signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproj

Re: Old kernels from FC19

:cf:cd:e5", NAME:="gigabit" ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="00:16:6f:a9:95:34", NAME:="wifi" -- Björn Persson Sent from my computer. signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: OpenH264 in Fedora

g that WebRTC can succeed even if operating systems don't ship the mandatory codec. Presumably he tried to convince the audience that browsers will either bundle or auto-download Cisco's OpenH264. Cisco doesn't control the IETF you know. -- Björn Persson Sent from my comp

Re: Source file audit - 2013-11-17

ertificate verification you sabotage HTTPS, turning it into HTTP with extra waste of electricity. What other verification method are you replacing it with? The current system with a plethora of CAs that everybody trusts by fiat is problematic, but it's better than no security at all. A bolt cutter does

Re: Source file audit - 2013-11-17

improve the situation? Are you hoping that the attacker won't bother compromising the server because a man-in-the-middle attack on the unauthenticated connection will be easier? -- Björn Persson Sent from my computer. signature.asc Description: PGP signature -- devel mailing list devel@lists.fedor

Re: FTBFS if "-Werror=format-security" flag is used

e a crash in any of these cases, there is still a bit of performance to be gained in many cases. Why waste cycles looking for a % in every position in a long string when you know there aren't supposed to be any formatting codes? Björn Persson signature.asc Description: PGP signature --

Re: FTBFS if "-Werror=format-security" flag is used

27;s about as secure as it gets in the standard C library. puts and fputs aren't any more dangerous than any other handling of null-terminated strings. There is definitely no security to be gained by using printf instead of puts or fputs. Björn Persson signature.asc Description: PGP signat

RPMbuild mystery parameters "--with" and "--without"

ters when building "the source RPM to be submitted", because they somehow get "serialized" into the source package. I don't understand this, because I don't submit any source packages. The source package gets built on a Koji server when I run "fedpkg build", and

Re: RPMbuild mystery parameters "--with" and "--without"

Ville Skyttä wrote: >On Mon, Jan 20, 2014 at 4:24 PM, Björn Persson > wrote: >> Apparently RPMbuild has a pair of parameters "--with" and "--without" >> that can supposedly enable and disable optional features in a >> package. Has anyone seen any docum

Re: Heads up; F22 will require applications to ship appdata to be listed in software center

amiliar with APG but from your description it sounds like a perfect example of stable and reliable software – the best kind there is. So what if it's abandoned, if no one has found any bugs? Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.o

Re: Fedora.next in 2014 -- Big Picture and Themes

configure the NICs immediately and then it doesn't matter what the default is. Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: I want to turn on a part of the kernel to make SELinux checking more stringent.

ng >> something in an init script to set the /sys/fs/selinux/checkreqprot >> value? I'm afraid all I understand of that explanation is that this has something to do with executable stacks. How does the proposed change affect programs that need an executable stack? Björn Persson sig

Re: Fedora.next in 2014 -- Big Picture and Themes

* of sarcasm >about the four foundations in the online chatter. Might it be time to add a fifth foundation, one of ferro-concrete, to provide a firm footing? Björn Persson signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/m

Re: Declining package maintenance requests?

ght be on vacation? Furthermore, some of us contribute to Fedora as volunteers. Vacations and weekends are when we're likely to have time, but sometimes a weekend is consumed by other activities, so that volunteer work that isn't absolutely urgent may have to wait for two weeks or even lon

Re: Checking signatures on package source tarballs

with a corresponding key and signature, then the verification in %prep wouldn't catch that. Björn Persson pgpbuqBfhCQw3.pgp Description: OpenPGP digital signatur -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: Checking signatures on package source tarballs

tween having a signature but not the key, and having a signature and a matching key. An S/MIME signature, on the other hand, is said to contain the whole certificate chain. Björn Persson pgpLK9Qd6KUit.pgp Description: OpenPGP digital signatur -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: Checking signatures on package source tarballs

ill it do if a URL to the key is provided, and the key at that location has been modified? Will it replace the key with the modified one in the scratch build, or will it leave the key alone when there is no version number in the filename? Björn Persson pgp2Zd5H9zE4L.pgp Description: OpenPG

Re: Checking signatures on package source tarballs

ation would be required in bash.spec. This would move GPG and its dependencies to stage 2, stuff that must be built before RPMbuild can be used. Is that acceptable? Should there be something that disables the verification during bootstrapping? Björn Persson pgpCXn2l7i5IF.pgp Description: O

Re: weakdeps and the buildroot

e additional packages would have been installed if automatic installation of recommended packages hadn't been disabled.", then that's a terrible user interface that needs to be fixed. Björn Persson pgpyF3elHDoyN.pgp Description: OpenPGP digital signatur -- devel

Re: TPMs, measured boot and remote attestation in Fedora

the grub stage 1 measures the grub stage 2, the grub stage 2 > > measures the kernel and so on. > > Yet another Treacherous Computing "feature" that nobody needs! That depends entirely on who controls the keys. It's treacherous only if the sysadmin doesn't have the

Re: F26 Self Contained Change: Fontconfig cache directory change

ontconfig cache? If the Fontconfig cache doesn't belong in /var/cache for some reason, then shouldn't it be /var/lib/fontconfig/cache? I don't see how a cache could belong under /usr. Björn Persson pgp5vXGXOtWNI.pgp Description: OpenPGP digital signatur _

Re: Diagreement with pkgconfig removal

ig-guide.html and "man 1 pkg-config". Neither of those mention a field named Provides. Is there disagreement about what the file format is? It could be very bad if multiple incompatible variants of .pc files would arise so that different libraries would require different pkg-config progra

Re: Heads-up: RPM 4.16 alpha coming to rawhide

t in different contexts within the RPM spec language? Björn Persson pgp4BOUOMUGsM.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.

Re: CPE Git Forge Decision

to Github or Gitlab. Björn Persson pgpOiKFIBKULg.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Con

Re: Fedora 33 Self-Contained Change proposal: Network Time Security

u should have the option to configure the system to trust DHCP-provided NTP and DNS servers. Björn Persson pgpBIghKNvC8u.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe s

Re: Getting security updates out to users sooner

ix caused a regression. Let's not pretend that the trade-off between swiftness and correctness doesn't exist. Björn Persson pgpZlU2iYACYN.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsu

Re: Defining the future of the packager workflow in Fedora

ps pull requests are convenient for a maintainer who receives them in large numbers – I've only ever received one pull request so I can't judge – but I don't see how they would encourage drive-by contributions. If you want to encourage drive-by contributions, then you should make i

Re: Modularity and the system-upgrade path

ing that now the user would expect it >to be treated the same as any other default-enabled stream). It looks like a non-default stream could go through the transitions available → dep_enabled → default_enabled. Is that desirable? Björn Persson

Re: Defining the future of the packager workflow in Fedora

and have it turned into a pull request automatically? Björn Persson pgpKClAtv5vfn.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedor

<    1   2   3   4   5   6   7   8   >